Rules of AEM

  Cache Invalidation in Hybrid AEM: Keeping EDS and AMS in Sync on AWS CloudFront Introduction In a hybrid AEM setup where EDS and AMS serve different parts of the same website through AWS CloudFront, cache invalidation is one of the trickiest problems to solve. Both systems have completely different invalidation mechanisms — and if you don't coordinate them properly, editors end up seeing stale content, confused about why their published changes aren't showing up. This post explains how cache invalidation works in each system, why hybrid setups make it harder, and how to build a reliable invalidation strategy across both origins. The Core Problem In a single-origin AEM setup, invalidation is straightforward: Editor publishes in AEM Dispatcher flush agent clears the Dispatcher cache CloudFront invalidation clears the CDN layer Done In a hybrid setup you have two completely separate invalidation pipelines that must never interfere with each other: EDS publish event ...

aemrules.com Hybrid AEM CDN Architecture: Routing EDS + AMS on AWS CloudFront 8 min read  ·  Anuj Gangwar  ·  AEM Architect @ Adobe TL;DR Ask AI 5 things to know in 30 seconds 1 AWS CloudFront acts as a single traffic cop — routing every request to either EDS or AMS based on the URL path pattern. 2 EDS paths like /blog/* go to hlx.live origin. AMS paths like /products/* go to the Dispatcher origin. Default catch-all points to AMS. 3 Consolidate all EDS static assets under /eds/* — fonts, scripts, styles, blocks, icons all under one folder. One CloudFront rule instead of six. 4 A CloudFront Edge Function handles .html to clean URL 301 redirects at the edge — before any origin is contacted. 5 Always pass X-Forwarded-Host to both origins. AMS needs it for vhost matching. EDS Franklin Bot needs it for site resolution. Ask a question in the Ask AI tab for more details on a...

Prevent DDoS in Apache & IP Block Automation DDoS (Distributed Denial of Service) attacks are a type of cyberattack that can cause serious damage to your web server. These attacks involve flooding your server with a huge volume of traffic, overwhelming its resources and causing it to crash. In this blog post, we'll discuss how to prevent DDoS attacks in Apache, without using any third part tool/application.     Available Options to Prevent DDoS : You can use various mentioned methods to achieve the same. But using WAF, CDN, etc will cost extra dollars. Which might not be necessary for a small scale application.   Use a Web Application Firewall (WAF): A WAF can help detect and block malicious traffic before it reaches your Apache server. It can also help block common attack vectors, such as SQL injection and cross-site scripting (XSS). Install mod_evasive: mod_evasive is an Apache module that helps detect and block DDoS attac...

How to protect AEM against CSRF Attack ? Adobe Experience Manager (AEM) is a popular content management system that is widely used to develop and manage websites, mobile apps, and other digital experiences. However, like any other web application, AEM is vulnerable to cross-site request forgery (CSRF) attacks. CSRF attacks are malicious attacks where an attacker tricks a user into performing an action they did not intend to perform by exploiting the user's active session on a website. In this blog, we will discuss some measures that can be taken to protect AEM from CSRF attacks.   Implement CSRF protection in AEM:   The first and most important step to protect AEM from CSRF attacks is to implement CSRF protection in the application. AEM provides a built-in CSRF protection mechanism that can be enabled by setting the "sling.filter.methods" property in the OSGi configuration.  Navigate to the OSGi Web Console (/system/console/configMgr). Search for Apache Sling Refe...